path: root/security/openvpn20/files/openvpn.sh.in

#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
#
# (C) Copyright 2005 - 2008 by Matthias Andree
# based on suggestions by Matthias Grimm and Dirk Gouders
# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
# and Vasil Dimov
#
# $FreeBSD$
# 
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.

# PROVIDE: openvpn
# REQUIRE: DAEMON
# KEYWORD: shutdown

# -----------------------------------------------------------------------------
#
# This script supports running multiple instances of openvpn.
# To run additional instance link this script to something like
# % ln -s openvpn openvpn_foo
# and define additional openvpn_foo_* variables in one of
# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
#
# Below NAME should be substituted with the name of this script. By default
# it is openvpn, so read as openvpn_enable. If you linked the script to
# openvpn_foo, then read as openvpn_foo_enable etc.
#
# The following variables are supported (defaults are shown).
# You can place them in any of
# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
#
# NAME_enable="NO"	# set to YES to enable openvpn
# NAME_if=""		# driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# NAME_flags=""				# additional command line arguments
# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf"	# --config file
# NAME_dir="%%PREFIX%%/etc/openvpn"	# --cd directory
#
# You also need to set NAME_configfile and NAME_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#

. %%RC_SUBR%%

case "$0" in
/etc/rc*)
	# during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
	# so get the name of the script from $_file
	name=$(basename "$_file" .sh)
	;;
*)
	name=$(basename "$0" .sh)
	;;
esac

rcvar=$(set_rcvar)

openvpn_precmd()
{
	for i in $interfaces ; do
		# FreeBSD <= 5.4 does not know kldstat's -m option
		# FreeBSD >= 6.0 does not add debug.* sysctl information
		# in the default build - we check both to keep things simple
		if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 \
			&& ! kldstat -m if_${i} >/dev/null 2>&1 ; then
			if ! kldload if_${i} ; then
				warn "Could not load $i module."
				return 1
			fi
		fi
	done
	return 0
}

stop_postcmd()
{
	rm -f "$pidfile" || warn "Could not remove $pidfile."
}

# support SIGHUP to reparse configuration file
extra_commands="reload"

# pidfile
pidfile="/var/run/${name}.pid"

# command and arguments
command="%%PREFIX%%/sbin/openvpn"

# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"

load_rc_config ${name}

eval ": \${${name}_enable:=\"NO\"}"
eval ": \${${name}_flags:=\"\"}"
eval ": \${${name}_if:=\"\"}"
eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"

configfile="$(eval echo \${${name}_configfile})"
dir="$(eval echo \${${name}_dir})"
interfaces="$(eval echo \${${name}_if})"

required_files=${configfile}
command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}"

run_rc_command "$1"